Skip to content

Instantly share code, notes, and snippets.

@iCyberon

iCyberon/verify_certificate.go

Forked from devtdeng/verify_certificate.go
Created November 13, 2019 13:26
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save iCyberon/c4c56631a3b7da1722fb775918c55ec8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save iCyberon/c4c56631a3b7da1722fb775918c55ec8 to your computer and use it in GitHub Desktop.
Download ZIP
Verify a certificate with chain with golang crypto library
Raw
verify_certificate.go
package main
import (
"crypto/x509"
"encoding/pem"
"io/ioutil"
"log"
"os"
)
func main() {
log.Printf("Usage: verify_certificate SERVER_NAME CERT.pem CHAIN.pem")
serverName := os.Args[1]
certPEM, err := ioutil.ReadFile(os.Args[2])
if err != nil {
log.Fatal(err)
}
rootPEM, err := ioutil.ReadFile(os.Args[3])
if err != nil {
log.Fatal(err)
}
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM([]byte(rootPEM))
if !ok {
panic("failed to parse root certificate")
}
block, _ := pem.Decode([]byte(certPEM))
if block == nil {
panic("failed to parse certificate PEM")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
panic("failed to parse certificate: " + err.Error())
}
opts := x509.VerifyOptions{
Roots: roots,
DNSName: serverName,
Intermediates: x509.NewCertPool(),
}
if _, err := cert.Verify(opts); err != nil {
panic("failed to verify certificate: " + err.Error())
}
log.Printf("verification succeeds")
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment